The psychology of risk and security

Security expert Bruce Schneier has written a remarkably insightful article on the psychology of security trade-offs and risk assessment.

He’s not a psychologist by trade, although he has obviously spent a lot of time researching the various studies relevant to the sort of decision making we engage in when trying to estimate how risky something might be.

Errors or cognitive distortions are also discussed in detail, particularly with regard to how these might bias our reasoning to make certain things seem more or less risky, even if there’s no change in actual risk.

One crucial concept that Schneier talks about is that security is a feeling, generated by a complex interplay of innate and calculated responses.

Something similar has been discussed in the clinical literature, particularly in a theory of obsessive-compulsive disorder put forward by Henry Szechtman and Erik Woody [pdf].

Obsessive-compulsive disorder, or OCD, is a disorder where people can feel they have to repetitively do certain actions – often some sort of checking or washing.

Szechtman and Woody argue that most drives, such as hunger or sex, have a specific end point behaviour that leads to a feeling of goal satisfaction.

In contrast, the drive for safety has no specific action associated with it that ‘completes’ the desire (because you can always try and be more safe), and so they argue we’ve developed a feedback system (a ‘security feeling’) that signifies when we’ve done enough to be reasonably secure.

In OCD, this might go wrong. So even when the door is locked or you’ve washed your hands, the security feeling doesn’t kick in and you still have the strong desire to do it again.

Anxiety can make that security feeling all the more necessary, so when we’re anxious, we might need to check the door more, even though we specifically remember locking it.

It’s no surprise that OCD is an anxiety disorder and this may fuel the cycle.

Schneier isn’t discussing mental illness, but it’s interesting that this sort of approach can be widely applied, as so much of our behaviour involves risk judgements.

Link to Bruce Schneier article ‘The Psychology of Security’.
PDF of paper ‘Obsessive-Compulsive Disorder as a Disturbance of Security Motivation’.
